Breaking! Sri Lanka's Ministry of Finance robbed of $2.5 million, four officials suspended for investigation

Sri Lanka’s Ministry of Finance Hacked: Attack in January Altered Email Payment Instructions, Stealing $2.5 Million Sovereign Repayment Intended for Australia; Exposure After Australian Creditors Didn’t Receive Funds, Four Officials Suspended, Sri Lanka Collaborates with Australia on Investigation.
(Background: Sri Lanka Bankruptcy, Humanitarian Crisis! Protesters Storm Official Residences, President Announces Resignation of Prime Minister)
(Additional Context: Solana Protocol Loopscale Hacked, Loss of $5.8 Million, Official: Efforts Underway to Recover)

Table of Contents

Toggle

• Email Intercepted, Account Changed: Initial Reveal of Attack Method
• Four Officials Suspended, Australia Joins Investigation
• New Impact After Sovereign Default: Sri Lanka’s Fragile Moment

Sri Lanka Experiences a National-Level Cyberattack! Secretary of Finance Harshana Suriyapperuma told the media on Thursday that hackers infiltrated the Ministry of Finance’s computer system in January this year, successfully stealing $2.5 million (approximately £1.8 million) in sovereign repayment funds.

This amount was originally used to settle bilateral debt with Australia. When Australian creditors did not receive the payment, they raised questions, leading to the exposure of the incident.

Email Intercepted, Account Changed: Initial Reveal of Attack Method

Investigators currently believe this was a Business Email Compromise (BEC) type attack. After infiltrating the Ministry of Finance’s email system, hackers altered the recipient account information during the sovereign debt payment process, redirecting the original $2.5 million intended for Australia to other accounts.

Suriyapperuma said, “Sri Lanka made the payment on time, but cybercriminals intercepted it and transferred the funds to other bank accounts instead of the original recipient.” Deputy Minister of Finance Anil Jayantha Fernando added that the full scope of the incident only became clear when hackers attempted to replicate the same method for another repayment to India.

How the hackers breached multiple defenses of the Ministry of Finance’s system is still under investigation. Officials stated they are seeking assistance from multiple foreign law enforcement agencies.

Four Officials Suspended, Australia Joins Investigation

Suriyapperuma stated that four senior officials from the Public Debt Management Office have been suspended. The investigation focuses on understanding why controls at various levels failed and whether the stolen funds can still be recovered.

Australia’s High Commissioner to Colombo, Matthew Duckworth, confirmed on X that Canberra is aware of the payment irregularity and said, “Sri Lankan authorities are investigating this matter and coordinating with Australian officials providing assistance.”

New Impact After Sovereign Default: Sri Lanka’s Fragile Moment

This intrusion occurred during Sri Lanka’s most vulnerable recovery period. Four years ago, Sri Lanka faced a severe foreign exchange crisis, with foreign reserves exhausted, leading to shortages of food, fuel, and medicine. Colombo defaulted on $46 billion (about £34 billion) in external debt, and large-scale protests ultimately toppled President Gotabaya Rajapaksa in July 2022.

Since then, Sri Lanka has continued debt restructuring and fiscal reforms. The $2.5 million repayment to Australia was part of this restructuring plan. Now that it has been stolen, it represents not only a financial loss but also a heavy blow to the Sri Lankan government’s efforts to rebuild its sovereign credit.